cosmopolitan/libc/calls/landlock.h

#ifndef COSMOPOLITAN_LIBC_CALLS_LANDLOCK_H_
#define COSMOPOLITAN_LIBC_CALLS_LANDLOCK_H_

#define LANDLOCK_CREATE_RULESET_VERSION 0x0001ul

#define LANDLOCK_ACCESS_FS_EXECUTE     0x0001ul
#define LANDLOCK_ACCESS_FS_WRITE_FILE  0x0002ul
#define LANDLOCK_ACCESS_FS_READ_FILE   0x0004ul
#define LANDLOCK_ACCESS_FS_READ_DIR    0x0008ul
#define LANDLOCK_ACCESS_FS_REMOVE_DIR  0x0010ul
#define LANDLOCK_ACCESS_FS_REMOVE_FILE 0x0020ul
#define LANDLOCK_ACCESS_FS_MAKE_CHAR   0x0040ul
#define LANDLOCK_ACCESS_FS_MAKE_DIR    0x0080ul
#define LANDLOCK_ACCESS_FS_MAKE_REG    0x0100ul
#define LANDLOCK_ACCESS_FS_MAKE_SOCK   0x0200ul
#define LANDLOCK_ACCESS_FS_MAKE_FIFO   0x0400ul
#define LANDLOCK_ACCESS_FS_MAKE_BLOCK  0x0800ul
#define LANDLOCK_ACCESS_FS_MAKE_SYM    0x1000ul

/**
 * Allow renaming or linking file to a different directory.
 *
 * @see https://lore.kernel.org/r/20220329125117.1393824-8-mic@digikod.net
 * @see https://docs.kernel.org/userspace-api/landlock.html
 * @note ABI 2+
 */
#define LANDLOCK_ACCESS_FS_REFER 0x2000ul

/**
 * Control file truncation.
 *
 * @see
 * https://lore.kernel.org/all/20221018182216.301684-1-gnoack3000@gmail.com/
 * @see https://docs.kernel.org/userspace-api/landlock.html
 * @note ABI 3+
 */
#define LANDLOCK_ACCESS_FS_TRUNCATE 0x4000ul

#if !(__ASSEMBLER__ + __LINKER__ + 0)
COSMOPOLITAN_C_START_

enum landlock_rule_type {
  LANDLOCK_RULE_PATH_BENEATH = 1,
};

struct landlock_ruleset_attr {
  uint64_t handled_access_fs;
};

struct thatispacked landlock_path_beneath_attr {
  uint64_t allowed_access;
  int32_t parent_fd;
};

int landlock_restrict_self(int, uint32_t);
int landlock_add_rule(int, enum landlock_rule_type, const void *, uint32_t);
int landlock_create_ruleset(const struct landlock_ruleset_attr *, size_t,
                            uint32_t);

COSMOPOLITAN_C_END_
#endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */
#endif /* COSMOPOLITAN_LIBC_CALLS_LANDLOCK_H_ */
Add latest Linux syscalls including landlock See #485 2022-07-16 01:29:49 +00:00			`#ifndef COSMOPOLITAN_LIBC_CALLS_LANDLOCK_H_`
			`#define COSMOPOLITAN_LIBC_CALLS_LANDLOCK_H_`

[WIP] Polyfill OpenBSD unveil for Linux (#490) 2022-07-18 09:12:42 +00:00			`#define LANDLOCK_CREATE_RULESET_VERSION 0x0001ul`

Add latest Linux syscalls including landlock See #485 2022-07-16 01:29:49 +00:00			`#define LANDLOCK_ACCESS_FS_EXECUTE 0x0001ul`
			`#define LANDLOCK_ACCESS_FS_WRITE_FILE 0x0002ul`
			`#define LANDLOCK_ACCESS_FS_READ_FILE 0x0004ul`
			`#define LANDLOCK_ACCESS_FS_READ_DIR 0x0008ul`
			`#define LANDLOCK_ACCESS_FS_REMOVE_DIR 0x0010ul`
			`#define LANDLOCK_ACCESS_FS_REMOVE_FILE 0x0020ul`
			`#define LANDLOCK_ACCESS_FS_MAKE_CHAR 0x0040ul`
			`#define LANDLOCK_ACCESS_FS_MAKE_DIR 0x0080ul`
			`#define LANDLOCK_ACCESS_FS_MAKE_REG 0x0100ul`
			`#define LANDLOCK_ACCESS_FS_MAKE_SOCK 0x0200ul`
			`#define LANDLOCK_ACCESS_FS_MAKE_FIFO 0x0400ul`
			`#define LANDLOCK_ACCESS_FS_MAKE_BLOCK 0x0800ul`
			`#define LANDLOCK_ACCESS_FS_MAKE_SYM 0x1000ul`
Write some tests for unveil() See #490 2022-07-18 09:11:06 +00:00
			`/**`
			`* Allow renaming or linking file to a different directory.`
			`*`
			`* @see https://lore.kernel.org/r/20220329125117.1393824-8-mic@digikod.net`
			`* @see https://docs.kernel.org/userspace-api/landlock.html`
			`* @note ABI 2+`
			`*/`
			`#define LANDLOCK_ACCESS_FS_REFER 0x2000ul`
Add latest Linux syscalls including landlock See #485 2022-07-16 01:29:49 +00:00
unveil: Added truncate support on Linux 6.2+ (#803) Right now, cosmopolitan uses Linux Landlock ABI version 2 on Linux, meaning that the polyfill for unveil() cannot restrict operations such as truncate() (a limitation of Landlock's ABI from then). This means that to restrict truncation operations Cosmopolitan instead has to ban the syscall through a SECCOMP BPF filter, meaning that completely legitimate truncate() calls are blocked However, the newest version of the Landlock ABI (version 3) introduced in Linux 6.2, released in February 2023, implements support for controlling truncation operations. As such, the previous SECCOMP BPF truncate() filtering is no longer needed when the new ABI is available This patch implements unveil truncate support for Linux Landlock ABI version 3 2023-04-17 23:17:02 +00:00			`/**`
			`* Control file truncation.`
			`*`
Run clang-format on most sources 2023-04-27 03:45:01 +00:00			`* @see`
			`* https://lore.kernel.org/all/20221018182216.301684-1-gnoack3000@gmail.com/`
unveil: Added truncate support on Linux 6.2+ (#803) Right now, cosmopolitan uses Linux Landlock ABI version 2 on Linux, meaning that the polyfill for unveil() cannot restrict operations such as truncate() (a limitation of Landlock's ABI from then). This means that to restrict truncation operations Cosmopolitan instead has to ban the syscall through a SECCOMP BPF filter, meaning that completely legitimate truncate() calls are blocked However, the newest version of the Landlock ABI (version 3) introduced in Linux 6.2, released in February 2023, implements support for controlling truncation operations. As such, the previous SECCOMP BPF truncate() filtering is no longer needed when the new ABI is available This patch implements unveil truncate support for Linux Landlock ABI version 3 2023-04-17 23:17:02 +00:00			`* @see https://docs.kernel.org/userspace-api/landlock.html`
			`* @note ABI 3+`
			`*/`
			`#define LANDLOCK_ACCESS_FS_TRUNCATE 0x4000ul`

Add latest Linux syscalls including landlock See #485 2022-07-16 01:29:49 +00:00			`#if !(__ASSEMBLER__ + __LINKER__ + 0)`
			`COSMOPOLITAN_C_START_`

			`enum landlock_rule_type {`
			`LANDLOCK_RULE_PATH_BENEATH = 1,`
			`};`

			`struct landlock_ruleset_attr {`
			`uint64_t handled_access_fs;`
			`};`

			`struct thatispacked landlock_path_beneath_attr {`
			`uint64_t allowed_access;`
			`int32_t parent_fd;`
			`};`

			`int landlock_restrict_self(int, uint32_t);`
			`int landlock_add_rule(int, enum landlock_rule_type, const void *, uint32_t);`
			`int landlock_create_ruleset(const struct landlock_ruleset_attr *, size_t,`
			`uint32_t);`

			`COSMOPOLITAN_C_END_`
			`#endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */`
			`#endif /* COSMOPOLITAN_LIBC_CALLS_LANDLOCK_H_ */`